Talk:Downgrading with Hardware flasher: Difference between revisions
m (Dark Mode) |
|||
(19 intermediate revisions by 3 users not shown) | |||
Line 1: | Line 1: | ||
==Quick 'n Dirty prepatched== | ==Quick 'n Dirty prepatched== | ||
http://www. | * http://www.psdevwiki.com/files/firmware/MFW-CEX/Downgrader/315-downgrader.pup (163.88 MB) (MD5:954C3618BDEC277A546739CDB971C957 | SHA1:C074BD80F9F9AD13773163B69C0008528E6C2E6A | CRC16:C0FD | CRC32:75A740C5) | ||
* http://www.psdevwiki.com/files/firmware/MFW-CEX/Downgrader/341-downgrader.pup (167.1 MB) [http://www.mirrorcreator.com/files/1OEUY3WR/341-downgrader.pup_links mirror] | |||
(MD5:533C668CDB8864442991310481BCF64A | SHA1:C7AA2637BA69C675C2F13C214888D0C42EE4CDAF | CRC16:881B | CRC32:0634A651) | |||
* | * http://www.psdevwiki.com/files/firmware/MFW-CEX/Downgrader/355-downgrader.pup (170.62 MB) | ||
(MD5:8415159C72CA4050DF8B940874C52921 | SHA1:703368087CE5BF17319676CE6166CE8CCF5877C4 | CRC16:BD6B | CRC32:549F0348) | |||
::PS3MFW Features Enabled | |||
::* Change PUP build / version | |||
::* Patch LV1 (downgrader) checks | |||
::* Patch LV1 hypervisor: Allow mapping of any memory area (Needed for LV2 Poke) | |||
::* Patch LV2 kernel: Patch to add Peek&Poke system calls to LV2 | |||
::* Patch package installer: Patch to allow installation of pseudo-retail packages + debug packages | |||
::* Patch Application launcher: Patch to allow running of unsigned applications | |||
::* Add new icons to the XMB Game category: Add Install Package Files + app_home + icons to the XMB Game Category | |||
== | == 3.41 NAND Preloaderdumps downgrader patches == | ||
Use these NAND patches only on dumps made with NAND Preloader, not regular NAND dumps and not on NOR! | |||
{|class="wikitable" | {|class="wikitable" | ||
|- | |- | ||
! Target area !! Patchfile !! | ! Target area !! Patchfile !! NAND Offset !! Paste length !! Remarks | ||
|- | |||
| ROS0 || coreos_341_lv1_integryty_fix.bin patch1 (7 MB) || 0x080030 || 0x6FFFE0 || CoreOS (prepatched 3.41) | |||
|- | |- | ||
| | | ROS1 || coreos_341_lv1_integryty_fix.bin patch1 (7 MB) || 0x780020 || 0x6FFFE0 || CoreOS (SAME as ros0) | ||
|- | |- | ||
| | | trvk_prg0 (0x051800)<br />trvk_prg1 (0x052800) || trvk_prg (8 KB) || 0x051800 || 0x2000 || double patch overlapping both program revoke area's | ||
|- | |- | ||
| | | trvk_pkg0 (0x053800)<br />trvk_pkg1 (0x054800) || trvk_pkg (8 KB) || 0x053800 || 0x2000 || double patch overlapping both package revoke area's | ||
|- | |- | ||
|} | |} | ||
==== | (above patches in a single package + autopatcher file: [http://www.mirrorcreator.com/files/GPTTMIPY/3.41_NAND_Preloaderdumps_downgrader_patches.rar_links 3.41_NAND_Preloaderdumps_downgrader_patches.rar]) | ||
== 3.41 NOR downgrader patches == | |||
Use [http://www.psdevwiki.com/files/flash/patches/341-NOR%20downgrade/ 3.41-NOR patches] only on NOR consoles, not on NAND! | |||
{|class="wikitable" | {|class="wikitable" | ||
|- | |- | ||
! Target area !! Patchfile !! NOR Offset !! Paste length !! Remarks | ! Target area !! Patchfile !! NOR Offset !! Paste length !! Remarks | ||
|- | |- | ||
| ROS0 || [http://www. | | ROS0 || [http://www.psdevwiki.com/files/flash/patches/341-NOR%20downgrade/patch1 patch1 (7 MB)] || 0x0C0010 || 0x6FFFE0 || CoreOS (prepatched 3.55) | ||
|- | |- | ||
| ROS1 || [http://www. | | ROS1 || [http://www.psdevwiki.com/files/flash/patches/341-NOR%20downgrade/patch1 patch1 (7 MB)] || 0x7C0010 || 0x6FFFE0 || CoreOS (SAME as ros0) | ||
|- | |- | ||
| trvk_prg0 (0x40000) <br />trvk_prg1 (0x60000)<br />trvk_pkg0 (0x80000) <br />trvk_pkg1 (0xA0000) || [http://www. | | trvk_prg0 (0x40000) <br />trvk_prg1 (0x60000)<br />trvk_pkg0 (0x80000) <br />trvk_pkg1 (0xA0000) || [http://www.psdevwiki.com/files/flash/patches/341-NOR%20downgrade/rvk-040000 rvk-040000 (512 KB)] || 0x40000 || 0x80000 || one big patch<br />overlapping several revoke area's | ||
|- | |- | ||
|} | |} | ||
==== | (above patches in a single package + autopatcher file: [http://www.psdevwiki.com/files/flash/patches/341-NOR%20downgrade.rar 341-NOR downgrade.rar] [http://www.mirrorcreator.com/files/QAO9LNID/341-NOR_downgrade.rar_links mirror]) | ||
{|class="wikitable" | |||
=== E3 Flasher === | |||
Use these instead (already reversed), otherwise you get into a maze of bytereversing: [http://www.psdevwiki.com/files/flash/patches/341-E3%20downgrade.rar 341-E3 downgrade.rar] | |||
== PS3 Nor and Nand Auto Patcher by Rogero == | |||
=== Source === | |||
{{Boxcode|code=<syntaxhighlight lang="cpp"> | |||
/////////////////////////////////////////////////////////////////////////// | |||
// PS3 Nor and Nand Auto Patcher v0.05 by Rogero 25/Mar/2013 // | |||
/////////////////////////////////////////////////////////////////////////// | |||
#include <iostream> | |||
#include <fstream> | |||
//#include <string> | |||
#include <direct.h> | |||
#include "ConsoleColor.h" | |||
using namespace std; | |||
void Patch(char*, char*, char*, int, int); | |||
int main(int argc, char * argv[]) | |||
{ | |||
cout<<green<<"-----------------------------------------------------------------------"<<endl; | |||
cout<<" PS3 Flash Auto Patcher v4.55 by Rogero 15/Feb/2014"<<endl<<endl; | |||
cout<<" ( Patch NOR and NAND Dumps with CFW4.55 patches / No FSM needed )"<<endl; | |||
cout<<"-----------------------------------------------------------------------"<<endl<<endl; | |||
if(argc < 2){ | |||
cout <<white<< endl << "Copy your PS3's Flash Dump into the program's folder,\n\n"; | |||
cout << "Then Drag and Drop your Dump File onto the exe to apply the Downgrade Patches.\n"; | |||
cout <<yellow<< endl << endl << endl << "Press any key to exit."; | |||
cin.get(); | |||
return 0; | |||
} | |||
cout <<yellow<< "Processing the file: " <<white<< endl << argv[1] << "\n\n\n"; | |||
//WinXP current directory / Files Path Fix ///////////////////////////////// | |||
string path = argv[0]; | |||
//remove the executable file name from the full path to get current working directory | |||
path.erase(path.rfind("\\")+1, std::string::npos); | |||
//Change to Current working directory | |||
_chdir(path.c_str()); | |||
//////////////////////////////////////////////////////////////////////////// | |||
FILE *ifile; | |||
unsigned char *buf = NULL; | |||
buf = (unsigned char *) malloc(1); | |||
int type = 0; // 0 = NOR , 1 = NOR ByteReversed , 2 = Nand Interleaved , 3 = Unknown , 4 = NOR metldr 2 | |||
ifile = fopen( (char*) argv[1], "rb+"); | |||
// Detect Dump type | |||
///////////////////////////////////////////////////////////////////// | |||
if (ifile != NULL) { | |||
fseek(ifile, 0x40220, SEEK_SET); // read byte at 0x40220 | |||
fread( buf, 1, 1, ifile); | |||
//printf("%02X",(int)buf[0]); | |||
if (("%02X",(int)buf[0]) == 0x61) // Nand | |||
{ | |||
fseek(ifile, 0x40228, SEEK_SET); | |||
fread( buf, 1, 1, ifile); | |||
if (("%02X",(int)buf[0]) == 0x6C) // double check if Nand | |||
type = 2; // Nand | |||
else | |||
type = 3; // Unknown | |||
} | |||
else | |||
{ | |||
if (("%02X",(int)buf[0]) == 0x00) // Nor | |||
{ | |||
fseek(ifile, 0x420, SEEK_SET); | |||
fread( buf, 1, 1, ifile); | |||
if (("%02X",(int)buf[0]) == 0x73) // check if ByteReversed | |||
{ | |||
fseek(ifile, 0x826, SEEK_SET); | |||
fread( buf, 1, 1, ifile); | |||
if (("%02X",(int)buf[0]) == 0x32) // check if metldr 2 | |||
type = 4; // Nor with metldr 2 | |||
else | |||
type = 1; // Nor ByteReversed | |||
} | |||
else | |||
{ | |||
if (("%02X",(int)buf[0]) == 0x61) // check if Normal | |||
{ | |||
fseek(ifile, 0x827, SEEK_SET); | |||
fread( buf, 1, 1, ifile); | |||
if (("%02X",(int)buf[0]) == 0x32) // check if metldr 2 | |||
type = 4; // Nor with metldr 2 | |||
else | |||
type = 0; // Nor Normal | |||
} | |||
else | |||
type = 3; // Unknown | |||
} | |||
} | |||
else | |||
type = 3; // Unknown | |||
} | |||
} | |||
///////////////////////////////////////////////////////////////////// | |||
cout <<yellow<< "Opening Files...\n\n"; | |||
if (type == 0) // Normal dump = Progskeet | |||
{ | |||
cout << "********************************************************\n"; | |||
cout << "* This is a Normal NOR Dump (Progskeet/Winskeet style) *\n"; | |||
cout << "********************************************************\n\n"<<white; | |||
Patch(argv[1], "Data/patch1n.bin", "Temp_1.bin", 786448, 1); | |||
Patch("Temp_1.bin", "Data/patch1n.bin", "NOR_patched.bin", 8126480, 2); | |||
//Patch("bkpps3_Temp_2.bin", "Data/patch2n.bin", "bkpps3_patched.bin", 262144, 3); | |||
} | |||
if (type == 1) // Byte-swapped dump = E3 | |||
{ | |||
cout << "*******************************************************\n"; | |||
cout << "* This is a byte-reversed NOR Dump (E3 Flasher style) *\n"; | |||
cout << "*******************************************************\n\n"<<white; | |||
Patch(argv[1], "Data/patch1r.bin", "Temp_1.bin", 786448, 1); | |||
Patch("Temp_1.bin", "Data/patch1r.bin", "bkpps3_NOR_patched.bin", 8126480, 2); | |||
//Patch("bkpps3_Temp_2.bin", "Data/patch2.bin", "bkpps3_patched.bin", 262144, 3); | |||
} | |||
if (type == 0 || type == 1) | |||
{ | |||
cout <<yellow<< "Deleting Temp Files....\n"; | |||
remove("Temp_1.bin"); | |||
//remove("bkpps3_Temp_2.bin"); | |||
cout << "Done.\n"; | |||
cout << green << endl << endl << "Your NOR Dump was successfully patched and is ready to be flashed."; | |||
cout << yellow <<endl << endl << endl << "Press any key to exit."; | |||
cin.get(); | |||
return(0); | |||
} | |||
if (type == 2) // Nand | |||
{ | |||
cout << "*******************************************************\n"; | |||
cout << "* This is an Interleaved NAND Dump (by FlowRebuilder) *\n"; | |||
cout << "*******************************************************\n\n"<<white; | |||
Patch(argv[1], "Data/patch1n.bin", "Temp_1.bin", 786480, 1); | |||
Patch("Temp_1.bin", "Data/patch1n.bin", "NAND_patched.bin", 8126496, 2); | |||
//Patch("bkpps3_Temp_2.bin", "Data/patch2.bin", "bkpps3_patched.bin", 262144, 3); | |||
cout <<yellow<< "Deleting Temp Files....\n"; | |||
remove("Temp_1.bin"); | |||
//remove("bkpps3_Temp_2.bin"); | |||
cout << "Done.\n"; | |||
cout << green << endl << endl << "Your NAND Dump was successfully patched and is ready to be re-scrambled"<<endl<<"then de-interleaved into 2 flashes using latest version of FlowRebuilder."; | |||
cout << yellow <<endl << endl << endl << "Press any key to exit."; | |||
cin.get(); | |||
return(0); | |||
} | |||
if (type == 3) // Unknown | |||
{ | |||
cout <<red<< "********************************************************\n"; | |||
cout << "* This is an Unknown Flash Type or a Bad File Detected *\n"; | |||
cout << "********************************************************\n\n\n"<<white; | |||
cout << "The Program will exit now, check your Flash Dump then try again..."; | |||
cout << yellow <<endl << endl << endl << "Press any key to exit."; | |||
cin.get(); | |||
return(0); | |||
} | |||
if (type == 4) // Metldr 2 | |||
{ | |||
cout <<red<< "***********************************************************************\n"; | |||
cout << "* This is a NOR Dump with a Non-Downgradable Metldr revision Detected *\n"; | |||
cout << "***********************************************************************\n\n\n"<<white; | |||
cout << "The Program will exit now..."; | |||
cout << yellow <<endl << endl << endl << "Press any key to exit."; | |||
cin.get(); | |||
return(0); | |||
} | |||
} // end main | |||
////////////////////////////////////////////////////////////////////////////////////////////////////////////// | |||
////////////////////////////////////////////////////////////////////////////////////////////////////////////// | |||
////////////////////////////////////////////////////////////////////////////////////////////////////////////// | |||
void Patch(char* input, char* patch, char* output, int offset, int no) | |||
{ | |||
ifstream inmain(input,ios::in|ios::binary); | |||
ifstream inpatch(patch,ios::in|ios::binary); | |||
ofstream patched(output,ios::out|ios::binary); | |||
if ( inmain.is_open() ) | |||
{ | |||
if (inpatch.is_open()) | |||
{ | |||
if (patched.is_open()) | |||
{ | |||
cout << "Applying Patch Number "<<no<<"...\n"; | |||
int patchStartOffset = offset ; | |||
char ioChar; | |||
for (int i = 0; i < patchStartOffset; i++) | |||
{ | |||
inmain.get(ioChar); | |||
patched.put(ioChar); | |||
} | |||
int patchLen = 0; | |||
while (inpatch.get(ioChar)) | |||
{ | |||
patched.put(ioChar); | |||
patchLen++; | |||
} | |||
streampos mainPos = inmain.tellg(); | |||
mainPos += patchLen; | |||
inmain.seekg(mainPos); | |||
while (inmain.get(ioChar)) | |||
{ | |||
patched.put(ioChar); | |||
} | |||
patched.close(); | |||
inpatch.close(); | |||
inmain.close(); | |||
} | |||
else | |||
{ | |||
cout << "Error opening output file !!\n\n"; | |||
cout << "Please make sure you have enough free space to run the program...\n\n\n\n"; | |||
cout << "Press any key to exit."; | |||
cin.get(); | |||
exit(0); | |||
} | |||
} | |||
else | |||
{ | |||
cout << "Error opening patch file !!\n\n"; | |||
cout << "Please make sure to place the Nor Dump inside the Program's folder\n"; | |||
cout << "before you Drag and Drop.\n\n\n\n"; | |||
cout << "Press any key to exit."; | |||
cin.get(); | |||
exit(0); | |||
} | |||
} | |||
else | |||
{ | |||
cout << "Error opening input file\n"; | |||
cout << "Press any key to exit."; | |||
cin.get(); | |||
exit(0); | |||
} | |||
} | |||
</syntaxhighlight>}} | |||
== Venix Autopatcher == | |||
=== Warning === | |||
{| border="1" cellspacing="0" cellpadding="5" border="#999" class="wikitable" style="border:1px solid #999; border-collapse: collapse;" | |||
|- | |- | ||
! | ! style="background-color:red!important;" | <span style="background-color:lightred; color:white; font-size:200%; ">Warning</span> | ||
|- | |- | ||
| | | <span style="white; color:red!important; font-size:150%; text-align:center; ">This tool is known and proven to give false positives on bad dumps that lead to permabricks. | ||
Use this method: [[Validating flash dumps]] to make sure the dumps are in crisp condition. | |||
You cannot recover from bad flash without proper dumps (e.g. bricking the console beyond repair).<br /> | |||
''<small>note: there are 12½ million bits to permabrick a console</small>''</span> | |||
|- | |- | ||
|} | |} | ||
=== Intro === | |||
Some portuguese dude (somehow venix name reminds me of a fake bricker CFW and highly hyped and never released manager long time ago) apparently never found wiki guides or used flowrebuilder/winskeet autopatcher or hexeditor with autopatch scripts. | |||
=== Versions === | |||
Venix Downgrade GUI v1.0.0.0\Venix Downgrade.exe | |||
SHA1:BED08FC1FEF623C08E84832DAB0DF428D3143BF5 | MD5:1215174ED33E599B7F23F345B01B6EF9 | CRC32:3339B7F8 | CRC16:3F31 | |||
| |||
Venix Downgrade GUI v1.0.0.1\Venix Downgrade.exe | |||
SHA1:06689D0ACB9072EE0D6BA6B9C7665A4C375F583A | MD5:F7FE9D028DC2DF6DD281E0AA90653DC4 | CRC32:0903470A | CRC16:013F | |||
=== Tests === | |||
Time for some tests, like I did with [[E3#E3_Nor_dump_checker|E3 Nor dump checker]]. | |||
==== Quick bulletproof test ==== | |||
does not test: | |||
* bad region - <span style="white; color:red!important;">not detected</span>, user not warned -> result = <span style="white; color:red!important;">brick file</span> | |||
* bad A9 wire - <span style="white; color:red!important;">not detected</span>, patch file created -> result = <span style="white; color:red!important;">brick file</span> | |||
* bad A10 wire - <span style="white; color:red!important;">not detected</span>, patch file created -> result = <span style="white; color:red!important;">brick file</span> | |||
* bad A11 wire - <span style="white; color:red!important;">not detected</span>, patch file created -> result = <span style="white; color:red!important;">brick file</span> | |||
* bad A12 wire - <span style="white; color:red!important;">not detected</span>, patch file created -> result = <span style="white; color:red!important;">brick file</span> | |||
* bad A13 wire - <span style="white; color:red!important;">not detected</span>, patch file created -> result = <span style="white; color:red!important;">brick file</span> | |||
* bad A14 wire - <span style="white; color:red!important;">not detected</span>, patch file created -> result = <span style="white; color:red!important;">brick file</span> | |||
* bad A15 wire - <span style="white; color:red!important;">not detected</span>, patch file created -> result = <span style="white; color:red!important;">brick file</span> | |||
* bad A16 wire - <span style="white; color:red!important;">not detected</span>, patch file created -> result = <span style="white; color:red!important;">brick file</span> | |||
* bad A17 wire - <span style="white; color:red!important;">not detected</span>, patch file created -> result = <span style="white; color:red!important;">brick file</span> | |||
* bad A18 wire - <span style="white; color:red!important;">not detected</span>, patch file created -> result = <span style="white; color:red!important;">brick file</span> | |||
* bad A19 wire - <span style="white; color:red!important;">not detected</span>, patch file created -> result = <span style="white; color:red!important;">brick file</span> | |||
* bad A20 wire - <span style="white; color:red!important;">not detected</span>, patch file created -> result = <span style="white; color:red!important;">brick file</span> | |||
* bad A21 wire - <span style="white; color:red!important;">not detected</span>, patch file created -> result = <span style="white; color:red!important;">brick file</span> | |||
* bad A22 wire - <span style="white; color:red!important;">not detected</span>, patch file created -> result = <span style="white; color:red!important;">brick file</span> | |||
* bad boardID - <span style="white; color:red!important;">not detected</span>, patch file created -> result = <span style="white; color:red!important;">brick file</span> | |||
* bad bootldr - <span style="white; color:red!important;">not detected</span>, patch file created -> result = <span style="white; color:red!important;">brick file</span> | |||
* bad cCSD unreferenced area - <span style="white; color:red!important;">not detected</span>, patch file created -> result = <span style="white; color:red!important;">brick file</span> | |||
* bad cISD unreferenced area - <span style="white; color:red!important;">not detected</span>, patch file created -> result = <span style="white; color:red!important;">brick file</span> | |||
* bad EID unreferenced area - <span style="white; color:red!important;">not detected</span>, patch file created -> result = <span style="white; color:red!important;">brick file</span> | |||
* bad header - <span style="white; color:red!important;">not detected</span>, patch file created -> result = <span style="white; color:red!important;">brick file</span> | |||
* bad header asecure loader - <span style="white; color:red!important;">not detected</span>, patch file created -> result = <span style="white; color:red!important;">brick file</span> | |||
* bad header cISD - <span style="white; color:red!important;">not detected</span>, patch file created -> result = <span style="white; color:red!important;">brick file</span> | |||
* bad header cvtrm - <span style="white; color:red!important;">not detected</span>, patch file created -> result = <span style="white; color:red!important;">brick file</span> | |||
* bad header eEID - <span style="white; color:red!important;">not detected</span>, patch file created -> result = <span style="white; color:red!important;">brick file</span> | |||
* bad header metldr - <span style="white; color:red!important;">not detected</span>, patch file created -> result = <span style="white; color:red!important;">brick file</span> | |||
* bad metldr - <span style="white; color:red!important;">not detected</span>, patch file created -> result = <span style="white; color:red!important;">brick file</span> | |||
* bad/missing bootldr - <span style="white; color:red!important;">not detected</span>, patch file created -> result = <span style="white; color:red!important;">brick file</span> | |||
* bad/missing cCSD - <span style="white; color:red!important;">not detected</span>, patch file created -> result = <span style="white; color:red!important;">brick file</span> | |||
* bad/missing cISD0 - <span style="white; color:red!important;">not detected</span>, patch file created -> result = <span style="white; color:red!important;">brick file</span> | |||
* bad/missing cISD1 - <span style="white; color:red!important;">not detected</span>, patch file created -> result = <span style="white; color:red!important;">brick file</span> | |||
* bad/missing cISD2 - <span style="white; color:red!important;">not detected</span>, patch file created -> result = <span style="white; color:red!important;">brick file</span> | |||
* bad/missing EID0 - <span style="white; color:red!important;">not detected</span>, patch file created -> result = <span style="white; color:red!important;">brick file</span> | |||
* bad/missing EID1 - <span style="white; color:red!important;">not detected</span>, patch file created -> result = <span style="white; color:red!important;">brick file</span> | |||
* bad/missing EID2 - <span style="white; color:red!important;">not detected</span>, patch file created -> result = <span style="white; color:red!important;">brick file</span> | |||
* bad/missing EID3 - <span style="white; color:red!important;">not detected</span>, patch file created -> result = <span style="white; color:red!important;">brick file</span> | |||
* bad/missing EID4 - <span style="white; color:red!important;">not detected</span>, patch file created -> result = <span style="white; color:red!important;">brick file</span> | |||
* bad/missing EID5 - <span style="white; color:red!important;">not detected</span>, patch file created -> result = <span style="white; color:red!important;">brick file</span> | |||
* bad/missing metldr - <span style="white; color:red!important;">not detected</span>, patch file created -> result = <span style="white; color:red!important;">brick file</span> | |||
* bad/missing PerConsoleNonce - <span style="white; color:red!important;">not detected</span>, patch file created -> result = <span style="white; color:red!important;">brick file</span> | |||
* bad patterned non 00's - <span style="white; color:red!important;">not detected</span>, patch file created -> result = <span style="white; color:red!important;">brick file</span> | |||
* bad patterned non FF's - <span style="white; color:red!important;">not detected</span>, patch file created -> result = <span style="white; color:red!important;">brick file</span> | |||
* bad region - <span style="white; color:red!important;">not detected</span>, patch file created -> result = <span style="white; color:red!important;">brick file</span> | |||
partly test (if user flashes that, it will permabrick): | |||
* bad A0 wire - detected, 00 filled file created -> result = <span style="white; color:red!important;">brick file</span> | |||
* bad A1 wire - detected, 00 filled file created -> result = <span style="white; color:red!important;">brick file</span> | |||
* bad A2 wire - detected, 00 filled file created -> result = <span style="white; color:red!important;">brick file</span> | |||
* bad A3 wire - detected, 00 filled file created -> result = <span style="white; color:red!important;">brick file</span> | |||
* bad A4 wire - detected, 00 filled file created -> result = <span style="white; color:red!important;">brick file</span> | |||
* bad A5 wire - detected, 00 filled file created -> result = <span style="white; color:red!important;">brick file</span> | |||
* bad A6 wire - detected, 00 filled file created -> result = <span style="white; color:red!important;">brick file</span> | |||
* bad A7 wire - detected, 00 filled file created -> result = <span style="white; color:red!important;">brick file</span> | |||
* bad A8 wire - detected, 00 filled file created -> result = <span style="white; color:red!important;">brick file</span> | |||
* bad header IFI - detected, patch file created -> result = <span style="white; color:red!important;">brick file</span> | |||
does test: | |||
* circulair reference - errors out: "The process cannot access the file '\nor-validationtest\venix.bin' because it is being used by another process." -> result = OK | |||
==== Conclusion ==== | |||
Conclusion : '''<span style="white; color:red!important;">USELESS</span>''', brickdumps will still show as 'valid' and corrupt patch files will be generated, not preventing the user from permabricking. <br /> | |||
==== Recomendation ==== | |||
'''<span style="white; color:red!important;">Recommendation: [[Validating flash dumps|Validate flash dumps]] first and use [http://www.psdevwiki.com/files/flash/Tools/Flowrebuilder/ Flowrebuilder] or [http://www.psdevwiki.com/files/flash/Tools/Progskeet/Winskeet/ Winskeet] with [http://www.psdevwiki.com/files/flash/patches/ autopatcher] instead.''' | |||
=== Newssites that news'ed the 'tool' === | |||
* <span style="text-decoration: line-through;">http://www.ps3crunch.net/forum/threads/3162-Venix-Downgrade-GUI-released-for-Playstation-3</span> (removed it later) | |||
* http://psx-scene.com/forums/content/venix-downgrade-gui-automated-downgrader-validator-2118 (added warning "USE WITH CAUTION!!!! Read the posts below first!!!!") | |||
* http://www.ps3news.com/ps3-cfw-mfw/venix-downgrade-ps3-4-11-to-3-55-patch-gui-is-released/ | |||
=== Newssite that refused to news it === | |||
* http://www.ps3hax.net/2012/04/warning-venix-autopatcher-is-a-dangerous-tool-do-not-use-it/ (they had read above warning on wiki and decided it was best for their users not to frontpage it) | |||
=== Patches contained inside binairy === | |||
==== trvk_prg ==== | |||
===== 1 ===== | |||
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F | |||
00701BB0 00 00 00 00 00 ..... | |||
00701BC0 00 00 00 00 00 00 00 00 00 02 E0 53 43 45 00 00 ..........àSCE.. | |||
00701BD0 00 00 02 00 00 00 02 00 00 00 00 00 00 00 00 00 ................ | |||
00701BE0 00 02 00 00 00 00 00 00 00 00 E0 11 07 9A A0 E5 ..........à..š å | |||
00701BF0 A2 D4 48 DE 06 9C E7 E3 74 A8 67 33 E5 95 F4 56 ¢ÔHÞ.œçãt¨g3å•ôV | |||
00701C00 F4 DC E3 9B 64 56 A1 0C 11 98 79 ôÜã›dV¡..˜y | |||
... | |||
===== 2 ===== | |||
(same as 1) | |||
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F | |||
00702BA0 00 00 00 00 00 ..... | |||
00702BB0 00 00 00 00 00 00 00 00 00 02 E0 53 43 45 00 00 ..........àSCE.. | |||
00702BC0 00 00 02 00 00 00 02 00 00 00 00 00 00 00 00 00 ................ | |||
00702BD0 00 02 00 00 00 00 00 00 00 00 E0 11 07 9A A0 E5 ..........à..š å | |||
00702BE0 A2 D4 48 DE 06 9C E7 E3 74 A8 67 33 E5 95 F4 56 ¢ÔHÞ.œçãt¨g3å•ôV | |||
00702BF0 F4 DC E3 9B 64 56 A1 0C 11 98 79 ôÜã›dV¡..˜y | |||
... | |||
===== 3 ===== | |||
(same as 1) | |||
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F | |||
01545B90 00 00 .. | |||
01545BA0 00 00 00 00 00 00 00 00 00 00 00 00 00 02 E0 53 ..............àS | |||
01545BB0 43 45 00 00 00 00 02 00 00 00 02 00 00 00 00 00 CE.............. | |||
01545BC0 00 00 00 00 00 02 00 00 00 00 00 00 00 00 E0 11 ..............à. | |||
01545BD0 07 9A A0 E5 A2 D4 48 DE 06 9C E7 E3 74 A8 67 33 .š å¢ÔHÞ.œçãt¨g3 | |||
01545BE0 E5 95 F4 56 F4 DC E3 9B 64 56 A1 0C 11 98 79 å•ôVôÜã›dV¡..˜y | |||
... | |||
==== trvk_pkg ==== | |||
===== 4 ===== | |||
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F | |||
00703BB0 00 00 00 00 00 ..... | |||
00703BC0 00 00 00 00 00 00 00 00 00 02 60 53 43 45 00 00 ..........`SCE.. | |||
00703BD0 00 00 02 00 00 00 02 00 00 00 00 00 00 00 00 00 ................ | |||
00703BE0 00 02 00 00 00 00 00 00 00 00 60 BD 25 0F C3 46 ..........`½%.ÃF | |||
00703BF0 1C ED 7C A9 0D 0B 63 31 C5 10 FD 5C A0 CA 58 D3 .í|©..c1Å.ý\ ÊXÓ | |||
00703C00 F1 A9 DB B7 03 C5 94 66 83 C1 96 ñ©Û·.Å”fƒÁ– | |||
... | |||
===== 5 ===== | |||
(same as 1) | |||
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F | |||
01505B80 00 00 00 00 00 00 00 00 00 00 00 ........... | |||
01505B90 00 00 00 02 60 53 43 45 00 00 00 00 02 00 00 00 ....`SCE........ | |||
01505BA0 02 00 00 00 00 00 00 00 00 00 00 02 00 00 00 00 ................ | |||
01505BB0 00 00 00 00 60 BD 25 0F C3 46 1C ED 7C A9 0D 0B ....`½%.ÃF.í|©.. | |||
01505BC0 63 31 C5 10 FD 5C A0 CA 58 D3 F1 A9 DB B7 03 C5 c1Å.ý\ ÊXÓñ©Û·.Å | |||
01505BD0 94 66 83 C1 96 ”fƒÁ– | |||
... | |||
===== 6 ===== | |||
(same as 4) | |||
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F | |||
01525B90 00 00 00 00 00 00 00 00 00 00 00 00 00 00 .............. | |||
01525BA0 02 60 53 43 45 00 00 00 00 02 00 00 00 02 00 00 .`SCE........... | |||
01525BB0 00 00 00 00 00 00 00 00 02 00 00 00 00 00 00 00 ................ | |||
01525BC0 00 60 BD 25 0F C3 46 1C ED 7C A9 0D 0B 63 31 C5 .`½%.ÃF.í|©..c1Å | |||
01525BD0 10 FD 5C A0 CA 58 D3 F1 A9 DB B7 03 C5 94 66 83 .ý\ ÊXÓñ©Û·.Å”fƒ | |||
01525BE0 C1 96 Á– | |||
... | |||
==== ros ==== | |||
===== 7 ===== | |||
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F | |||
00001BA0 00 00 00 01 00 00 00 18 00 00 .......... | |||
00001BB0 00 00 00 6F FF E0 00 00 00 00 00 00 04 90 00 00 ...oÿà.......... | |||
00001BC0 00 00 00 00 42 98 61 69 6D 5F 73 70 75 5F 6D 6F ....B˜aim_spu_mo | |||
00001BD0 64 75 6C 65 2E 73 65 6C 66 00 00 00 00 00 00 00 dule.self....... | |||
00001BE0 00 00 00 00 00 00 00 00 00 00 00 00 47 30 00 00 ............G0.. | |||
00001BF0 00 00 00 01 F6 D8 61 70 70 6C 64 72 00 00 00 00 ....öØappldr.... | |||
00001C00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ | |||
===== 8 ===== | |||
(same as 7) | |||
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F | |||
00705BA0 00 00 00 01 00 ..... | |||
00705BB0 00 00 18 00 00 00 00 00 6F FF E0 00 00 00 00 00 ........oÿà..... | |||
00705BC0 00 04 90 00 00 00 00 00 00 42 98 61 69 6D 5F 73 .........B˜aim_s | |||
00705BD0 70 75 5F 6D 6F 64 75 6C 65 2E 73 65 6C 66 00 00 pu_module.self.. | |||
00705BE0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ | |||
00705BF0 00 47 30 00 00 00 00 00 01 F6 D8 61 70 70 6C 64 .G0......öØappld | |||
00705C00 72 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 r............... | |||
===== 9 ===== | |||
(same as 7) | |||
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F | |||
00E05B90 00 00 00 01 00 00 00 18 ........ | |||
00E05BA0 00 00 00 00 00 6F FF E0 00 00 00 00 00 00 04 90 .....oÿà........ | |||
00E05BB0 00 00 00 00 00 00 42 98 61 69 6D 5F 73 70 75 5F ......B˜aim_spu_ | |||
00E05BC0 6D 6F 64 75 6C 65 2E 73 65 6C 66 00 00 00 00 00 module.self..... | |||
00E05BD0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 47 30 ..............G0 | |||
00E05BE0 00 00 00 00 00 01 F6 D8 61 70 70 6C 64 72 00 00 ......öØappldr.. | |||
00E05BF0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ | |||
==== Note ==== | |||
wiki v2 downgrader contains 2 patchsets, used on 3 offsets. Having 9 sounds like a bit of overkill to bloat the binairy. | |||
=== Checks === | |||
There is not much checked in the patcher: | |||
- only size is checked | |||
- and header "oÿà" (bytereversed, like with progskeet, teensy etc) versus "àÿo" (as E3). | |||
==== 10 ==== | |||
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F | |||
00001A30 0A 4E 00 61 00 6E 00 64 00 31 00 00 00 00 00 18 .N.a.n.d.1...... | |||
00001A40 4E 00 61 00 6E 00 64 00 31 00 52 00 65 00 70 00 N.a.n.d.1.R.e.p. | |||
00001A50 65 00 61 00 74 00 31 00 E5 FF 6F 00 14 4E 00 61 e.a.t.1.åÿo..N.a | |||
00001A60 00 6E 00 64 00 31 00 53 00 74 00 61 00 72 00 74 .n.d.1.S.t.a.r.t | |||
00001A70 00 ED FF 6F 00 0A 4E 00 61 00 6E 00 64 00 32 00 .íÿo..N.a.n.d.2. | |||
00001A80 F5 FF 6F 00 14 4E 00 61 00 6E 00 64 00 32 00 53 õÿo..N.a.n.d.2.S | |||
00001A90 00 74 00 61 00 72 00 74 00 FA 3F 70 00 12 4E 00 .t.a.r.t.ú?p..N. | |||
00001AA0 61 00 6E 00 64 00 43 00 6F 00 75 00 6E 00 74 00 a.n.d.C.o.u.n.t. | |||
00001AB0 02 40 70 00 08 4E 00 6F 00 72 00 31 00 05 40 70 [email protected]..@p | |||
00001AC0 00 12 4E 00 6F 00 72 00 31 00 53 00 74 00 61 00 ..N.o.r.1.S.t.a. | |||
00001AD0 72 00 74 00 EA 3F E0 00 08 4E 00 6F 00 72 00 32 r.t.ê?à..N.o.r.2 | |||
00001AE0 00 F2 3F E0 00 12 4E 00 6F 00 72 00 32 00 53 00 .ò?à..N.o.r.2.S. | |||
00001AF0 74 00 61 00 72 00 74 00 D7 3F 50 01 08 4E 00 6F t.a.r.t.×?P..N.o | |||
00001B00 00 72 00 33 00 DF 3F 50 01 12 4E 00 6F 00 72 00 .r.3.ß?P..N.o.r. | |||
00001B10 33 00 53 00 74 00 61 00 72 00 74 00 E4 3F 52 01 3.S.t.a.r.t.ä?R. | |||
00001B20 08 4E 00 6F 00 72 00 34 00 EC 3F 52 01 12 4E 00 .N.o.r.4.ì?R..N. | |||
00001B30 6F 00 72 00 34 00 53 00 74 00 61 00 72 00 74 00 o.r.4.S.t.a.r.t. | |||
00001B40 F1 3F 54 01 08 4E 00 6F 00 72 00 35 00 F9 3F 54 ñ?T..N.o.r.5.ù?T | |||
00001B50 01 12 4E 00 6F 00 72 00 35 00 53 00 74 00 61 00 ..N.o.r.5.S.t.a. | |||
00001B60 72 00 74 00 FE 3F 56 01 08 4E 00 6F 00 72 00 36 r.t.þ?V..N.o.r.6 | |||
00001B70 00 06 40 56 01 12 4E 00 6F 00 72 00 36 00 53 00 [email protected]. | |||
00001B80 74 00 61 00 72 00 74 00 0B 40 58 01 10 4E 00 6F [email protected] | |||
00001B90 00 72 00 43 00 6F 00 75 00 6E 00 74 00 13 40 58 .r.C.o.u.n.t..@X | |||
00001BA0 01 20 E0 FF 6F 00 00 00 00 01 00 00 00 18 00 00 . àÿo........... | |||
00001BB0 00 00 00 6F FF E0 00 00 00 00 00 00 04 90 00 00 ...oÿà.......... | |||
Thus it fails miserably in the comparison of [[Validating_flash_dumps#Flowrebuilder|Flowrebuilder']] options like un/rescramble + de-/interleave, bytereverse, unpacking and autopatching, while checking and informing the user about possible errors in the dump. | |||
=== Venix Downgrade GUI v1.2 BETA === | |||
http://psx-scene.com/forums/content/venix-downgrade-gui-v1-2-beta-improved-validation-2135/ | |||
=== | ==== Quick bulletproof test ==== | ||
<span style="white; color:red!important;">wrongly detected:</span> | |||
* bad A0 wire -> <span style="white; color:red!important;">Validation Failed00 byte count</span> | |||
* bad A1 wire -> <span style="white; color:red!important;">Validation Failed00 byte count</span> | |||
* bad A2 wire -> <span style="white; color:red!important;">Validation Failed00 byte count</span> | |||
* bad A3 wire -> <span style="white; color:red!important;">Validation Failed00 byte count</span> | |||
* bad A4 wire -> <span style="white; color:red!important;">Validation Failed00 byte count</span> | |||
* bad A5 wire -> <span style="white; color:red!important;">Validation Failed00 byte count</span> | |||
* bad A6 wire -> <span style="white; color:red!important;">Validation Failed00 byte count</span> | |||
* bad A7 wire -> <span style="white; color:red!important;">Validation Failed00 byte count</span> | |||
* bad A8 wire -> <span style="white; color:red!important;">Validation Failed00 byte count</span> | |||
* bad A9 wire -> <span style="white; color:red!important;">Validation Failed00 byte count</span> | |||
* bad A10 wire -> <span style="white; color:red!important;">Validation Failed00 byte count</span> | |||
* bad A11 wire -> <span style="white; color:red!important;">Validation Failed00 byte count</span> | |||
* bad A12 wire -> <span style="white; color:red!important;">Validation Failed00 byte count</span> | |||
* bad A13 wire -> <span style="white; color:red!important;">Validation Failed00 byte count</span> | |||
* bad A14 wire -> <span style="white; color:red!important;">Validation Failed00 byte count</span> | |||
* bad A15 wire -> <span style="white; color:red!important;">Validation Failed00 byte count</span> | |||
* bad A16 wire -> <span style="white; color:red!important;">Validation Failed00 byte count</span> | |||
* bad A17 wire -> <span style="white; color:red!important;">Validation Failed00 byte count</span> | |||
* bad A18 wire -> <span style="white; color:red!important;">Validation Failedff byte count</span> | |||
* bad A19 wire -> <span style="white; color:red!important;">Validation Failed00 byte count</span> | |||
* bad A20 wire -> <span style="white; color:red!important;">Validation Failed00 byte count</span> | |||
* bad A21 wire -> <span style="white; color:red!important;">Validation Failed00 byte count</span> | |||
* bad A22 wire -> <span style="white; color:red!important;">Validation Failedff byte count</span> | |||
* bad bootldr -> <span style="white; color:red!important;">Validation Failed00 byte count</span> | |||
* bad bootldr -> <span style="white; color:red!important;">Validation Failed00 byte count</span> | |||
* bad cCSD unreferenced area -> <span style="white; color:red!important;">Validation Failed00 byte count</span> | |||
* bad cISD unreferenced area -> <span style="white; color:red!important;">Validation Failed00 byte count</span> | |||
* bad EID unreferenced area -> <span style="white; color:red!important;">Validation Failed00 byte count</span> | |||
* bad header -> <span style="white; color:red!important;">Validation Failed00 byte count</span> | |||
* bad header asecure loader -> <span style="white; color:red!important;">Validation Failed00 byte count</span> | |||
* bad header cISD -> <span style="white; color:red!important;">Validation Failed00 byte count</span> | |||
* bad header cvtrm -> <span style="white; color:red!important;">Validation Failed00 byte count</span> | |||
* bad header eEID -> <span style="white; color:red!important;">Validation Failed00 byte count</span> | |||
* bad IFI -> <span style="white; color:red!important;">Validation Failed00 byte count</span> | |||
* bad header trvk -> <span style="white; color:red!important;">Validation Failed00 byte count</span> | |||
* bad metldr -> <span style="white; color:red!important;">Validation Failed00 byte count</span> | |||
* bad/missing bootldr -> <span style="white; color:red!important;">Validation Failedff byte count</span> | |||
* bad/missing cCSD -> <span style="white; color:red!important;">Validation Failed00 byte count</span> | |||
* bad/missing cISD0 -> <span style="white; color:red!important;">Validation Failed00 byte count</span> | |||
* bad/missing cISD1 -> <span style="white; color:red!important;">Validation Failed00 byte count</span> | |||
* bad/missing cISD2 -> <span style="white; color:red!important;">Validation Failed00 byte count</span> | |||
* bad/missing EID0 -> <span style="white; color:red!important;">Validation Failed00 byte count</span> | |||
* bad/missing EID1 -> <span style="white; color:red!important;">Validation Failed00 byte count</span> | |||
* bad/missing EID2 -> <span style="white; color:red!important;">Validation Failed00 byte count</span> | |||
* bad/missing EID3 -> <span style="white; color:red!important;">Validation Failed00 byte count</span> | |||
* bad/missing EID4 -> <span style="white; color:red!important;">Validation Failed00 byte count</span> | |||
* bad/missing EID5 -> <span style="white; color:red!important;">Validation Failed00 byte count</span> | |||
* bad/missing metldr -> <span style="white; color:red!important;">Validation Failed00 byte count</span> | |||
* bad/missing PerConsoleNonce -> <span style="white; color:red!important;">Validation Failed00 byte count</span> | |||
* bad patterned non 00's -> <span style="white; color:red!important;">Validation Failed00 byte count</span> | |||
* bad patterned non FF's -> <span style="white; color:red!important;">Validation Failed00 byte count</span> | |||
* bad region -> <span style="white; color:red!important;">Validation Failed00 byte count</span> | |||
* bad filelength -> <span style="white; color:red!important;">application hangs</span> | |||
* known good reference dumps (184) -> <span style="white; color:red!important;">'''Validation Failed00 byte count'''</span> | |||
=== | ==== Conclusion ==== | ||
<span style="white; color:red!important;">'''USELESS'''</span>, 100% valid files will be failing 00/ff check. Improper files will be failing 00/ff check too, and no detection of the root of the cause. Nothing was patched and gives the user a permanent false sense of having bad dumps without leads of what to solve. | |||
Latest revision as of 03:43, 1 July 2023
Quick 'n Dirty prepatched[edit source]
- http://www.psdevwiki.com/files/firmware/MFW-CEX/Downgrader/315-downgrader.pup (163.88 MB) (MD5:954C3618BDEC277A546739CDB971C957 | SHA1:C074BD80F9F9AD13773163B69C0008528E6C2E6A | CRC16:C0FD | CRC32:75A740C5)
- http://www.psdevwiki.com/files/firmware/MFW-CEX/Downgrader/341-downgrader.pup (167.1 MB) mirror
(MD5:533C668CDB8864442991310481BCF64A | SHA1:C7AA2637BA69C675C2F13C214888D0C42EE4CDAF | CRC16:881B | CRC32:0634A651)
(MD5:8415159C72CA4050DF8B940874C52921 | SHA1:703368087CE5BF17319676CE6166CE8CCF5877C4 | CRC16:BD6B | CRC32:549F0348)
- PS3MFW Features Enabled
- Change PUP build / version
- Patch LV1 (downgrader) checks
- Patch LV1 hypervisor: Allow mapping of any memory area (Needed for LV2 Poke)
- Patch LV2 kernel: Patch to add Peek&Poke system calls to LV2
- Patch package installer: Patch to allow installation of pseudo-retail packages + debug packages
- Patch Application launcher: Patch to allow running of unsigned applications
- Add new icons to the XMB Game category: Add Install Package Files + app_home + icons to the XMB Game Category
- PS3MFW Features Enabled
3.41 NAND Preloaderdumps downgrader patches[edit source]
Use these NAND patches only on dumps made with NAND Preloader, not regular NAND dumps and not on NOR!
Target area | Patchfile | NAND Offset | Paste length | Remarks |
---|---|---|---|---|
ROS0 | coreos_341_lv1_integryty_fix.bin patch1 (7 MB) | 0x080030 | 0x6FFFE0 | CoreOS (prepatched 3.41) |
ROS1 | coreos_341_lv1_integryty_fix.bin patch1 (7 MB) | 0x780020 | 0x6FFFE0 | CoreOS (SAME as ros0) |
trvk_prg0 (0x051800) trvk_prg1 (0x052800) |
trvk_prg (8 KB) | 0x051800 | 0x2000 | double patch overlapping both program revoke area's |
trvk_pkg0 (0x053800) trvk_pkg1 (0x054800) |
trvk_pkg (8 KB) | 0x053800 | 0x2000 | double patch overlapping both package revoke area's |
(above patches in a single package + autopatcher file: 3.41_NAND_Preloaderdumps_downgrader_patches.rar)
3.41 NOR downgrader patches[edit source]
Use 3.41-NOR patches only on NOR consoles, not on NAND!
Target area | Patchfile | NOR Offset | Paste length | Remarks |
---|---|---|---|---|
ROS0 | patch1 (7 MB) | 0x0C0010 | 0x6FFFE0 | CoreOS (prepatched 3.55) |
ROS1 | patch1 (7 MB) | 0x7C0010 | 0x6FFFE0 | CoreOS (SAME as ros0) |
trvk_prg0 (0x40000) trvk_prg1 (0x60000) trvk_pkg0 (0x80000) trvk_pkg1 (0xA0000) |
rvk-040000 (512 KB) | 0x40000 | 0x80000 | one big patch overlapping several revoke area's |
(above patches in a single package + autopatcher file: 341-NOR downgrade.rar mirror)
E3 Flasher[edit source]
Use these instead (already reversed), otherwise you get into a maze of bytereversing: 341-E3 downgrade.rar
PS3 Nor and Nand Auto Patcher by Rogero[edit source]
Source[edit source]
/////////////////////////////////////////////////////////////////////////// // PS3 Nor and Nand Auto Patcher v0.05 by Rogero 25/Mar/2013 // /////////////////////////////////////////////////////////////////////////// #include <iostream> #include <fstream> //#include <string> #include <direct.h> #include "ConsoleColor.h" using namespace std; void Patch(char*, char*, char*, int, int); int main(int argc, char * argv[]) { cout<<green<<"-----------------------------------------------------------------------"<<endl; cout<<" PS3 Flash Auto Patcher v4.55 by Rogero 15/Feb/2014"<<endl<<endl; cout<<" ( Patch NOR and NAND Dumps with CFW4.55 patches / No FSM needed )"<<endl; cout<<"-----------------------------------------------------------------------"<<endl<<endl; if(argc < 2){ cout <<white<< endl << "Copy your PS3's Flash Dump into the program's folder,\n\n"; cout << "Then Drag and Drop your Dump File onto the exe to apply the Downgrade Patches.\n"; cout <<yellow<< endl << endl << endl << "Press any key to exit."; cin.get(); return 0; } cout <<yellow<< "Processing the file: " <<white<< endl << argv[1] << "\n\n\n"; //WinXP current directory / Files Path Fix ///////////////////////////////// string path = argv[0]; //remove the executable file name from the full path to get current working directory path.erase(path.rfind("\\")+1, std::string::npos); //Change to Current working directory _chdir(path.c_str()); //////////////////////////////////////////////////////////////////////////// FILE *ifile; unsigned char *buf = NULL; buf = (unsigned char *) malloc(1); int type = 0; // 0 = NOR , 1 = NOR ByteReversed , 2 = Nand Interleaved , 3 = Unknown , 4 = NOR metldr 2 ifile = fopen( (char*) argv[1], "rb+"); // Detect Dump type ///////////////////////////////////////////////////////////////////// if (ifile != NULL) { fseek(ifile, 0x40220, SEEK_SET); // read byte at 0x40220 fread( buf, 1, 1, ifile); //printf("%02X",(int)buf[0]); if (("%02X",(int)buf[0]) == 0x61) // Nand { fseek(ifile, 0x40228, SEEK_SET); fread( buf, 1, 1, ifile); if (("%02X",(int)buf[0]) == 0x6C) // double check if Nand type = 2; // Nand else type = 3; // Unknown } else { if (("%02X",(int)buf[0]) == 0x00) // Nor { fseek(ifile, 0x420, SEEK_SET); fread( buf, 1, 1, ifile); if (("%02X",(int)buf[0]) == 0x73) // check if ByteReversed { fseek(ifile, 0x826, SEEK_SET); fread( buf, 1, 1, ifile); if (("%02X",(int)buf[0]) == 0x32) // check if metldr 2 type = 4; // Nor with metldr 2 else type = 1; // Nor ByteReversed } else { if (("%02X",(int)buf[0]) == 0x61) // check if Normal { fseek(ifile, 0x827, SEEK_SET); fread( buf, 1, 1, ifile); if (("%02X",(int)buf[0]) == 0x32) // check if metldr 2 type = 4; // Nor with metldr 2 else type = 0; // Nor Normal } else type = 3; // Unknown } } else type = 3; // Unknown } } ///////////////////////////////////////////////////////////////////// cout <<yellow<< "Opening Files...\n\n"; if (type == 0) // Normal dump = Progskeet { cout << "********************************************************\n"; cout << "* This is a Normal NOR Dump (Progskeet/Winskeet style) *\n"; cout << "********************************************************\n\n"<<white; Patch(argv[1], "Data/patch1n.bin", "Temp_1.bin", 786448, 1); Patch("Temp_1.bin", "Data/patch1n.bin", "NOR_patched.bin", 8126480, 2); //Patch("bkpps3_Temp_2.bin", "Data/patch2n.bin", "bkpps3_patched.bin", 262144, 3); } if (type == 1) // Byte-swapped dump = E3 { cout << "*******************************************************\n"; cout << "* This is a byte-reversed NOR Dump (E3 Flasher style) *\n"; cout << "*******************************************************\n\n"<<white; Patch(argv[1], "Data/patch1r.bin", "Temp_1.bin", 786448, 1); Patch("Temp_1.bin", "Data/patch1r.bin", "bkpps3_NOR_patched.bin", 8126480, 2); //Patch("bkpps3_Temp_2.bin", "Data/patch2.bin", "bkpps3_patched.bin", 262144, 3); } if (type == 0 || type == 1) { cout <<yellow<< "Deleting Temp Files....\n"; remove("Temp_1.bin"); //remove("bkpps3_Temp_2.bin"); cout << "Done.\n"; cout << green << endl << endl << "Your NOR Dump was successfully patched and is ready to be flashed."; cout << yellow <<endl << endl << endl << "Press any key to exit."; cin.get(); return(0); } if (type == 2) // Nand { cout << "*******************************************************\n"; cout << "* This is an Interleaved NAND Dump (by FlowRebuilder) *\n"; cout << "*******************************************************\n\n"<<white; Patch(argv[1], "Data/patch1n.bin", "Temp_1.bin", 786480, 1); Patch("Temp_1.bin", "Data/patch1n.bin", "NAND_patched.bin", 8126496, 2); //Patch("bkpps3_Temp_2.bin", "Data/patch2.bin", "bkpps3_patched.bin", 262144, 3); cout <<yellow<< "Deleting Temp Files....\n"; remove("Temp_1.bin"); //remove("bkpps3_Temp_2.bin"); cout << "Done.\n"; cout << green << endl << endl << "Your NAND Dump was successfully patched and is ready to be re-scrambled"<<endl<<"then de-interleaved into 2 flashes using latest version of FlowRebuilder."; cout << yellow <<endl << endl << endl << "Press any key to exit."; cin.get(); return(0); } if (type == 3) // Unknown { cout <<red<< "********************************************************\n"; cout << "* This is an Unknown Flash Type or a Bad File Detected *\n"; cout << "********************************************************\n\n\n"<<white; cout << "The Program will exit now, check your Flash Dump then try again..."; cout << yellow <<endl << endl << endl << "Press any key to exit."; cin.get(); return(0); } if (type == 4) // Metldr 2 { cout <<red<< "***********************************************************************\n"; cout << "* This is a NOR Dump with a Non-Downgradable Metldr revision Detected *\n"; cout << "***********************************************************************\n\n\n"<<white; cout << "The Program will exit now..."; cout << yellow <<endl << endl << endl << "Press any key to exit."; cin.get(); return(0); } } // end main ////////////////////////////////////////////////////////////////////////////////////////////////////////////// ////////////////////////////////////////////////////////////////////////////////////////////////////////////// ////////////////////////////////////////////////////////////////////////////////////////////////////////////// void Patch(char* input, char* patch, char* output, int offset, int no) { ifstream inmain(input,ios::in|ios::binary); ifstream inpatch(patch,ios::in|ios::binary); ofstream patched(output,ios::out|ios::binary); if ( inmain.is_open() ) { if (inpatch.is_open()) { if (patched.is_open()) { cout << "Applying Patch Number "<<no<<"...\n"; int patchStartOffset = offset ; char ioChar; for (int i = 0; i < patchStartOffset; i++) { inmain.get(ioChar); patched.put(ioChar); } int patchLen = 0; while (inpatch.get(ioChar)) { patched.put(ioChar); patchLen++; } streampos mainPos = inmain.tellg(); mainPos += patchLen; inmain.seekg(mainPos); while (inmain.get(ioChar)) { patched.put(ioChar); } patched.close(); inpatch.close(); inmain.close(); } else { cout << "Error opening output file !!\n\n"; cout << "Please make sure you have enough free space to run the program...\n\n\n\n"; cout << "Press any key to exit."; cin.get(); exit(0); } } else { cout << "Error opening patch file !!\n\n"; cout << "Please make sure to place the Nor Dump inside the Program's folder\n"; cout << "before you Drag and Drop.\n\n\n\n"; cout << "Press any key to exit."; cin.get(); exit(0); } } else { cout << "Error opening input file\n"; cout << "Press any key to exit."; cin.get(); exit(0); } }
Venix Autopatcher[edit source]
Warning[edit source]
Warning |
---|
This tool is known and proven to give false positives on bad dumps that lead to permabricks.
Use this method: Validating flash dumps to make sure the dumps are in crisp condition. You cannot recover from bad flash without proper dumps (e.g. bricking the console beyond repair). |
Intro[edit source]
Some portuguese dude (somehow venix name reminds me of a fake bricker CFW and highly hyped and never released manager long time ago) apparently never found wiki guides or used flowrebuilder/winskeet autopatcher or hexeditor with autopatch scripts.
Versions[edit source]
Venix Downgrade GUI v1.0.0.0\Venix Downgrade.exe SHA1:BED08FC1FEF623C08E84832DAB0DF428D3143BF5 | MD5:1215174ED33E599B7F23F345B01B6EF9 | CRC32:3339B7F8 | CRC16:3F31 Venix Downgrade GUI v1.0.0.1\Venix Downgrade.exe SHA1:06689D0ACB9072EE0D6BA6B9C7665A4C375F583A | MD5:F7FE9D028DC2DF6DD281E0AA90653DC4 | CRC32:0903470A | CRC16:013F
Tests[edit source]
Time for some tests, like I did with E3 Nor dump checker.
Quick bulletproof test[edit source]
does not test:
- bad region - not detected, user not warned -> result = brick file
- bad A9 wire - not detected, patch file created -> result = brick file
- bad A10 wire - not detected, patch file created -> result = brick file
- bad A11 wire - not detected, patch file created -> result = brick file
- bad A12 wire - not detected, patch file created -> result = brick file
- bad A13 wire - not detected, patch file created -> result = brick file
- bad A14 wire - not detected, patch file created -> result = brick file
- bad A15 wire - not detected, patch file created -> result = brick file
- bad A16 wire - not detected, patch file created -> result = brick file
- bad A17 wire - not detected, patch file created -> result = brick file
- bad A18 wire - not detected, patch file created -> result = brick file
- bad A19 wire - not detected, patch file created -> result = brick file
- bad A20 wire - not detected, patch file created -> result = brick file
- bad A21 wire - not detected, patch file created -> result = brick file
- bad A22 wire - not detected, patch file created -> result = brick file
- bad boardID - not detected, patch file created -> result = brick file
- bad bootldr - not detected, patch file created -> result = brick file
- bad cCSD unreferenced area - not detected, patch file created -> result = brick file
- bad cISD unreferenced area - not detected, patch file created -> result = brick file
- bad EID unreferenced area - not detected, patch file created -> result = brick file
- bad header - not detected, patch file created -> result = brick file
- bad header asecure loader - not detected, patch file created -> result = brick file
- bad header cISD - not detected, patch file created -> result = brick file
- bad header cvtrm - not detected, patch file created -> result = brick file
- bad header eEID - not detected, patch file created -> result = brick file
- bad header metldr - not detected, patch file created -> result = brick file
- bad metldr - not detected, patch file created -> result = brick file
- bad/missing bootldr - not detected, patch file created -> result = brick file
- bad/missing cCSD - not detected, patch file created -> result = brick file
- bad/missing cISD0 - not detected, patch file created -> result = brick file
- bad/missing cISD1 - not detected, patch file created -> result = brick file
- bad/missing cISD2 - not detected, patch file created -> result = brick file
- bad/missing EID0 - not detected, patch file created -> result = brick file
- bad/missing EID1 - not detected, patch file created -> result = brick file
- bad/missing EID2 - not detected, patch file created -> result = brick file
- bad/missing EID3 - not detected, patch file created -> result = brick file
- bad/missing EID4 - not detected, patch file created -> result = brick file
- bad/missing EID5 - not detected, patch file created -> result = brick file
- bad/missing metldr - not detected, patch file created -> result = brick file
- bad/missing PerConsoleNonce - not detected, patch file created -> result = brick file
- bad patterned non 00's - not detected, patch file created -> result = brick file
- bad patterned non FF's - not detected, patch file created -> result = brick file
- bad region - not detected, patch file created -> result = brick file
partly test (if user flashes that, it will permabrick):
- bad A0 wire - detected, 00 filled file created -> result = brick file
- bad A1 wire - detected, 00 filled file created -> result = brick file
- bad A2 wire - detected, 00 filled file created -> result = brick file
- bad A3 wire - detected, 00 filled file created -> result = brick file
- bad A4 wire - detected, 00 filled file created -> result = brick file
- bad A5 wire - detected, 00 filled file created -> result = brick file
- bad A6 wire - detected, 00 filled file created -> result = brick file
- bad A7 wire - detected, 00 filled file created -> result = brick file
- bad A8 wire - detected, 00 filled file created -> result = brick file
- bad header IFI - detected, patch file created -> result = brick file
does test:
- circulair reference - errors out: "The process cannot access the file '\nor-validationtest\venix.bin' because it is being used by another process." -> result = OK
Conclusion[edit source]
Conclusion : USELESS, brickdumps will still show as 'valid' and corrupt patch files will be generated, not preventing the user from permabricking.
Recomendation[edit source]
Recommendation: Validate flash dumps first and use Flowrebuilder or Winskeet with autopatcher instead.
Newssites that news'ed the 'tool'[edit source]
- http://www.ps3crunch.net/forum/threads/3162-Venix-Downgrade-GUI-released-for-Playstation-3 (removed it later)
- http://psx-scene.com/forums/content/venix-downgrade-gui-automated-downgrader-validator-2118 (added warning "USE WITH CAUTION!!!! Read the posts below first!!!!")
- http://www.ps3news.com/ps3-cfw-mfw/venix-downgrade-ps3-4-11-to-3-55-patch-gui-is-released/
Newssite that refused to news it[edit source]
- http://www.ps3hax.net/2012/04/warning-venix-autopatcher-is-a-dangerous-tool-do-not-use-it/ (they had read above warning on wiki and decided it was best for their users not to frontpage it)
Patches contained inside binairy[edit source]
trvk_prg[edit source]
1[edit source]
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 00701BB0 00 00 00 00 00 ..... 00701BC0 00 00 00 00 00 00 00 00 00 02 E0 53 43 45 00 00 ..........àSCE.. 00701BD0 00 00 02 00 00 00 02 00 00 00 00 00 00 00 00 00 ................ 00701BE0 00 02 00 00 00 00 00 00 00 00 E0 11 07 9A A0 E5 ..........à..š å 00701BF0 A2 D4 48 DE 06 9C E7 E3 74 A8 67 33 E5 95 F4 56 ¢ÔHÞ.œçãt¨g3å•ôV 00701C00 F4 DC E3 9B 64 56 A1 0C 11 98 79 ôÜã›dV¡..˜y ...
2[edit source]
(same as 1)
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 00702BA0 00 00 00 00 00 ..... 00702BB0 00 00 00 00 00 00 00 00 00 02 E0 53 43 45 00 00 ..........àSCE.. 00702BC0 00 00 02 00 00 00 02 00 00 00 00 00 00 00 00 00 ................ 00702BD0 00 02 00 00 00 00 00 00 00 00 E0 11 07 9A A0 E5 ..........à..š å 00702BE0 A2 D4 48 DE 06 9C E7 E3 74 A8 67 33 E5 95 F4 56 ¢ÔHÞ.œçãt¨g3å•ôV 00702BF0 F4 DC E3 9B 64 56 A1 0C 11 98 79 ôÜã›dV¡..˜y ...
3[edit source]
(same as 1)
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 01545B90 00 00 .. 01545BA0 00 00 00 00 00 00 00 00 00 00 00 00 00 02 E0 53 ..............àS 01545BB0 43 45 00 00 00 00 02 00 00 00 02 00 00 00 00 00 CE.............. 01545BC0 00 00 00 00 00 02 00 00 00 00 00 00 00 00 E0 11 ..............à. 01545BD0 07 9A A0 E5 A2 D4 48 DE 06 9C E7 E3 74 A8 67 33 .š å¢ÔHÞ.œçãt¨g3 01545BE0 E5 95 F4 56 F4 DC E3 9B 64 56 A1 0C 11 98 79 å•ôVôÜã›dV¡..˜y ...
trvk_pkg[edit source]
4[edit source]
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 00703BB0 00 00 00 00 00 ..... 00703BC0 00 00 00 00 00 00 00 00 00 02 60 53 43 45 00 00 ..........`SCE.. 00703BD0 00 00 02 00 00 00 02 00 00 00 00 00 00 00 00 00 ................ 00703BE0 00 02 00 00 00 00 00 00 00 00 60 BD 25 0F C3 46 ..........`½%.ÃF 00703BF0 1C ED 7C A9 0D 0B 63 31 C5 10 FD 5C A0 CA 58 D3 .í|©..c1Å.ý\ ÊXÓ 00703C00 F1 A9 DB B7 03 C5 94 66 83 C1 96 ñ©Û·.Å”fƒÁ– ...
5[edit source]
(same as 1)
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 01505B80 00 00 00 00 00 00 00 00 00 00 00 ........... 01505B90 00 00 00 02 60 53 43 45 00 00 00 00 02 00 00 00 ....`SCE........ 01505BA0 02 00 00 00 00 00 00 00 00 00 00 02 00 00 00 00 ................ 01505BB0 00 00 00 00 60 BD 25 0F C3 46 1C ED 7C A9 0D 0B ....`½%.ÃF.í|©.. 01505BC0 63 31 C5 10 FD 5C A0 CA 58 D3 F1 A9 DB B7 03 C5 c1Å.ý\ ÊXÓñ©Û·.Å 01505BD0 94 66 83 C1 96 ”fƒÁ– ...
6[edit source]
(same as 4)
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 01525B90 00 00 00 00 00 00 00 00 00 00 00 00 00 00 .............. 01525BA0 02 60 53 43 45 00 00 00 00 02 00 00 00 02 00 00 .`SCE........... 01525BB0 00 00 00 00 00 00 00 00 02 00 00 00 00 00 00 00 ................ 01525BC0 00 60 BD 25 0F C3 46 1C ED 7C A9 0D 0B 63 31 C5 .`½%.ÃF.í|©..c1Å 01525BD0 10 FD 5C A0 CA 58 D3 F1 A9 DB B7 03 C5 94 66 83 .ý\ ÊXÓñ©Û·.Å”fƒ 01525BE0 C1 96 Á– ...
ros[edit source]
7[edit source]
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 00001BA0 00 00 00 01 00 00 00 18 00 00 .......... 00001BB0 00 00 00 6F FF E0 00 00 00 00 00 00 04 90 00 00 ...oÿà.......... 00001BC0 00 00 00 00 42 98 61 69 6D 5F 73 70 75 5F 6D 6F ....B˜aim_spu_mo 00001BD0 64 75 6C 65 2E 73 65 6C 66 00 00 00 00 00 00 00 dule.self....... 00001BE0 00 00 00 00 00 00 00 00 00 00 00 00 47 30 00 00 ............G0.. 00001BF0 00 00 00 01 F6 D8 61 70 70 6C 64 72 00 00 00 00 ....öØappldr.... 00001C00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
8[edit source]
(same as 7) Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 00705BA0 00 00 00 01 00 ..... 00705BB0 00 00 18 00 00 00 00 00 6F FF E0 00 00 00 00 00 ........oÿà..... 00705BC0 00 04 90 00 00 00 00 00 00 42 98 61 69 6D 5F 73 .........B˜aim_s 00705BD0 70 75 5F 6D 6F 64 75 6C 65 2E 73 65 6C 66 00 00 pu_module.self.. 00705BE0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00705BF0 00 47 30 00 00 00 00 00 01 F6 D8 61 70 70 6C 64 .G0......öØappld 00705C00 72 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 r...............
9[edit source]
(same as 7) Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 00E05B90 00 00 00 01 00 00 00 18 ........ 00E05BA0 00 00 00 00 00 6F FF E0 00 00 00 00 00 00 04 90 .....oÿà........ 00E05BB0 00 00 00 00 00 00 42 98 61 69 6D 5F 73 70 75 5F ......B˜aim_spu_ 00E05BC0 6D 6F 64 75 6C 65 2E 73 65 6C 66 00 00 00 00 00 module.self..... 00E05BD0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 47 30 ..............G0 00E05BE0 00 00 00 00 00 01 F6 D8 61 70 70 6C 64 72 00 00 ......öØappldr.. 00E05BF0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Note[edit source]
wiki v2 downgrader contains 2 patchsets, used on 3 offsets. Having 9 sounds like a bit of overkill to bloat the binairy.
Checks[edit source]
There is not much checked in the patcher: - only size is checked - and header "oÿà" (bytereversed, like with progskeet, teensy etc) versus "àÿo" (as E3).
10[edit source]
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 00001A30 0A 4E 00 61 00 6E 00 64 00 31 00 00 00 00 00 18 .N.a.n.d.1...... 00001A40 4E 00 61 00 6E 00 64 00 31 00 52 00 65 00 70 00 N.a.n.d.1.R.e.p. 00001A50 65 00 61 00 74 00 31 00 E5 FF 6F 00 14 4E 00 61 e.a.t.1.åÿo..N.a 00001A60 00 6E 00 64 00 31 00 53 00 74 00 61 00 72 00 74 .n.d.1.S.t.a.r.t 00001A70 00 ED FF 6F 00 0A 4E 00 61 00 6E 00 64 00 32 00 .íÿo..N.a.n.d.2. 00001A80 F5 FF 6F 00 14 4E 00 61 00 6E 00 64 00 32 00 53 õÿo..N.a.n.d.2.S 00001A90 00 74 00 61 00 72 00 74 00 FA 3F 70 00 12 4E 00 .t.a.r.t.ú?p..N. 00001AA0 61 00 6E 00 64 00 43 00 6F 00 75 00 6E 00 74 00 a.n.d.C.o.u.n.t. 00001AB0 02 40 70 00 08 4E 00 6F 00 72 00 31 00 05 40 70 [email protected]..@p 00001AC0 00 12 4E 00 6F 00 72 00 31 00 53 00 74 00 61 00 ..N.o.r.1.S.t.a. 00001AD0 72 00 74 00 EA 3F E0 00 08 4E 00 6F 00 72 00 32 r.t.ê?à..N.o.r.2 00001AE0 00 F2 3F E0 00 12 4E 00 6F 00 72 00 32 00 53 00 .ò?à..N.o.r.2.S. 00001AF0 74 00 61 00 72 00 74 00 D7 3F 50 01 08 4E 00 6F t.a.r.t.×?P..N.o 00001B00 00 72 00 33 00 DF 3F 50 01 12 4E 00 6F 00 72 00 .r.3.ß?P..N.o.r. 00001B10 33 00 53 00 74 00 61 00 72 00 74 00 E4 3F 52 01 3.S.t.a.r.t.ä?R. 00001B20 08 4E 00 6F 00 72 00 34 00 EC 3F 52 01 12 4E 00 .N.o.r.4.ì?R..N. 00001B30 6F 00 72 00 34 00 53 00 74 00 61 00 72 00 74 00 o.r.4.S.t.a.r.t. 00001B40 F1 3F 54 01 08 4E 00 6F 00 72 00 35 00 F9 3F 54 ñ?T..N.o.r.5.ù?T 00001B50 01 12 4E 00 6F 00 72 00 35 00 53 00 74 00 61 00 ..N.o.r.5.S.t.a. 00001B60 72 00 74 00 FE 3F 56 01 08 4E 00 6F 00 72 00 36 r.t.þ?V..N.o.r.6 00001B70 00 06 40 56 01 12 4E 00 6F 00 72 00 36 00 53 00 [email protected]. 00001B80 74 00 61 00 72 00 74 00 0B 40 58 01 10 4E 00 6F [email protected] 00001B90 00 72 00 43 00 6F 00 75 00 6E 00 74 00 13 40 58 .r.C.o.u.n.t..@X 00001BA0 01 20 E0 FF 6F 00 00 00 00 01 00 00 00 18 00 00 . àÿo........... 00001BB0 00 00 00 6F FF E0 00 00 00 00 00 00 04 90 00 00 ...oÿà..........
Thus it fails miserably in the comparison of Flowrebuilder' options like un/rescramble + de-/interleave, bytereverse, unpacking and autopatching, while checking and informing the user about possible errors in the dump.
Venix Downgrade GUI v1.2 BETA[edit source]
http://psx-scene.com/forums/content/venix-downgrade-gui-v1-2-beta-improved-validation-2135/
Quick bulletproof test[edit source]
wrongly detected:
- bad A0 wire -> Validation Failed00 byte count
- bad A1 wire -> Validation Failed00 byte count
- bad A2 wire -> Validation Failed00 byte count
- bad A3 wire -> Validation Failed00 byte count
- bad A4 wire -> Validation Failed00 byte count
- bad A5 wire -> Validation Failed00 byte count
- bad A6 wire -> Validation Failed00 byte count
- bad A7 wire -> Validation Failed00 byte count
- bad A8 wire -> Validation Failed00 byte count
- bad A9 wire -> Validation Failed00 byte count
- bad A10 wire -> Validation Failed00 byte count
- bad A11 wire -> Validation Failed00 byte count
- bad A12 wire -> Validation Failed00 byte count
- bad A13 wire -> Validation Failed00 byte count
- bad A14 wire -> Validation Failed00 byte count
- bad A15 wire -> Validation Failed00 byte count
- bad A16 wire -> Validation Failed00 byte count
- bad A17 wire -> Validation Failed00 byte count
- bad A18 wire -> Validation Failedff byte count
- bad A19 wire -> Validation Failed00 byte count
- bad A20 wire -> Validation Failed00 byte count
- bad A21 wire -> Validation Failed00 byte count
- bad A22 wire -> Validation Failedff byte count
- bad bootldr -> Validation Failed00 byte count
- bad bootldr -> Validation Failed00 byte count
- bad cCSD unreferenced area -> Validation Failed00 byte count
- bad cISD unreferenced area -> Validation Failed00 byte count
- bad EID unreferenced area -> Validation Failed00 byte count
- bad header -> Validation Failed00 byte count
- bad header asecure loader -> Validation Failed00 byte count
- bad header cISD -> Validation Failed00 byte count
- bad header cvtrm -> Validation Failed00 byte count
- bad header eEID -> Validation Failed00 byte count
- bad IFI -> Validation Failed00 byte count
- bad header trvk -> Validation Failed00 byte count
- bad metldr -> Validation Failed00 byte count
- bad/missing bootldr -> Validation Failedff byte count
- bad/missing cCSD -> Validation Failed00 byte count
- bad/missing cISD0 -> Validation Failed00 byte count
- bad/missing cISD1 -> Validation Failed00 byte count
- bad/missing cISD2 -> Validation Failed00 byte count
- bad/missing EID0 -> Validation Failed00 byte count
- bad/missing EID1 -> Validation Failed00 byte count
- bad/missing EID2 -> Validation Failed00 byte count
- bad/missing EID3 -> Validation Failed00 byte count
- bad/missing EID4 -> Validation Failed00 byte count
- bad/missing EID5 -> Validation Failed00 byte count
- bad/missing metldr -> Validation Failed00 byte count
- bad/missing PerConsoleNonce -> Validation Failed00 byte count
- bad patterned non 00's -> Validation Failed00 byte count
- bad patterned non FF's -> Validation Failed00 byte count
- bad region -> Validation Failed00 byte count
- bad filelength -> application hangs
- known good reference dumps (184) -> Validation Failed00 byte count
Conclusion[edit source]
USELESS, 100% valid files will be failing 00/ff check. Improper files will be failing 00/ff check too, and no detection of the root of the cause. Nothing was patched and gives the user a permanent false sense of having bad dumps without leads of what to solve.